<%@LANGUAGE="VBSCRIPT"%>
<%
	'SETTINGS: ADJUST BELOW THIS LINE ---------------------------------------------
	' NOTE(review): these constants are compiled into every request for this page.
	' - DBUSER is the MySQL superuser. The queries in this file only SELECT from
	'   and INSERT into the "account" table, so a dedicated account limited to
	'   those two privileges on that table is sufficient (least privilege).
	' - DBPASS sits in clear text in a script that lives under the web root. If
	'   the server ever returns .asp files as text, or this file is published,
	'   the credential goes with it. Treat any real password that has been
	'   committed here as exposed and rotate it.
	' - LOGONSERVER is written into pages as-is; it ships as a placeholder.
	Const SITETITLE = "MaNGAM v0.2" 'site title
	Const DBUSER = "root" 'database username
	Const DBPASS = "yvan123" 'database password
	Const DBNAME = "realmd" 'database name
	Const DBHOST = "localhost" 'database host
	Const LOGONSERVER = "change.this.now" 'Logon server to enter in realmlist.wtf
	'End SETTINGS: ADJUST ABOVE THIS LINE -----------------------------------------
	
	' Front controller: the "action" query-string value picks the page to render.
	' The value is only compared against fixed literals, never echoed or executed.
	' Anything that is not a known action (including "home" and a missing value)
	' falls through to the home page.
	Select Case LCase(Request.QueryString("action"))
		Case "accountmgmt"
			Call doAccountManagement
		Case "register"
			Call doRegister
		Case Else
			Call doHome
	End Select
	
	Function connstr
		' Returns the ODBC connection string assembled from the settings constants.
		' The constants are concatenated as-is, so a ";" inside any of them would
		' be read by the driver as the start of another attribute.
		Dim arrParts
		arrParts = Array( _
			"Driver={MySQL ODBC 3.51 Driver}", _
			"Server=" & DBHOST, _
			"Database=" & DBNAME, _
			" User=" & DBUSER, _
			"Password=" & DBPASS, _
			"Option=3", _
			"")
		' The empty last element yields the trailing ";" of the original string.
		connstr = Join(arrParts, ";")
	End Function
	
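	Function MakeSQLSafe(s)
		' Escapes a value so it can be placed between single quotes in a MySQL
		' statement built by string concatenation.
		'
		' s: the raw value (typically a Request.Form item). Null and Empty are
		'    treated as an empty string.
		' Returns the escaped string.
		'
		' MySQL treats "\" as an escape character inside string literals (unless
		' the server runs with sql_mode NO_BACKSLASH_ESCAPES), so doubling quotes
		' alone is not enough: a backslash placed in front of a quote would cancel
		' the doubling. Backslashes are therefore doubled first, then quotes.
		'
		' NOTE(review): escaping is a stop-gap. Binding the values through an
		' ADODB.Command with parameters removes the dependency on server settings
		' and connection character set and is the preferred fix for the callers.
		Dim strValue
		strValue = s & ""
		strValue = Replace(strValue, "\", "\\")
		MakeSQLSafe = Replace(strValue, "'", "''")
	End Function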
	
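	Sub doRegister()
		' Registration page. When the form was posted (fUsername is non-empty) the
		' fields are validated in order and, if all checks pass and the name is
		' free, a row is inserted into the account table. The form is then rendered
		' together with the outcome message.
		'
		' Form fields read: fUsername, fPassword, fPasswordAgain, fEmail, fExpansion.
		Dim blnSubmitted, Answer
		Dim strUser, strPass, strEmail, strExpansion
		Dim intAt, intDot
		Dim oConn, oRS

		strUser = Request.Form("fUsername") & ""
		blnSubmitted = (strUser <> "")

		If blnSubmitted Then
			strPass = Request.Form("fPassword") & ""
			strEmail = Request.Form("fEmail") & ""
			strExpansion = Request.Form("fExpansion") & ""

			' Email shape check: exactly one "@", not in first position, followed by
			' at least one character, a ".", and at least one more character. The
			' previous comparison of the first "@" and first "." positions accepted
			' values without any "@" and rejected addresses with a dot in the local
			' part.
			intAt = InStr(strEmail, "@")
			intDot = InStrRev(strEmail, ".")

			If Len(strUser) < 5 Then
				Answer = "Your username is too short (minimum 5 chars)"
			ElseIf strPass = "" Then
				' Two empty password fields compare equal, so reject them explicitly.
				Answer = "Please enter a password."
			ElseIf strPass <> Request.Form("fPasswordAgain") & "" Then
				Answer = "Your passwords don't match."
			ElseIf intAt < 2 Or InStr(intAt + 1, strEmail, "@") > 0 Or intDot < intAt + 2 Or intDot = Len(strEmail) Then
				Answer = "Invalid email address."
			ElseIf strExpansion <> "0" And strExpansion <> "1" And strExpansion <> "2" Then
				' Allow-list of the values the form offers. IsNumeric alone also
				' accepts hex, exponent and currency notations, which then went into
				' the statement unescaped.
				Answer = "Invalid expansion selected."
			Else
				Set oConn = Server.CreateObject("ADODB.CONNECTION")
				oConn.Open connstr

				' Exact match instead of LIKE: "%" and "_" in a submitted name are
				' wildcards under LIKE and would match other people's accounts.
				Set oRS = oConn.Execute("SELECT username FROM account WHERE username = UPPER('" & MakeSQLSafe(strUser) & "')")
				If oRS.EOF Then
					' Every request-derived value goes through MakeSQLSafe; the
					' expansion value is one of the three literals checked above.
					' NOTE(review): the clear-text password is part of the statement
					' text, so it will appear in any server-side query log. The
					' SHA1(UPPER(user):UPPER(pass)) format is presumably what the
					' logon server expects - confirm before changing it.
					' NOTE(review): check-then-insert is not atomic; a unique index
					' on account.username (not visible from this file) is what
					' actually prevents duplicates.
					oConn.Execute "INSERT INTO account (username, sha_pass_hash, email, last_ip, expansion) VALUES (UPPER('" & MakeSQLSafe(strUser) & "'), SHA1(CONCAT(UPPER('" & MakeSQLSafe(strUser) & "'),':',UPPER('" & MakeSQLSafe(strPass) & "'))),'" & MakeSQLSafe(strEmail) & "','" & MakeSQLSafe(Request.ServerVariables("REMOTE_ADDR")) & "','" & strExpansion & "')"
					Answer = "You are registered. You should be able to log in within 5 minutes."
				Else
					Answer = "Username already taken."
				End If

				' Release the recordset as well as the connection.
				oRS.Close
				oConn.Close
				Set oRS = Nothing
				Set oConn = Nothing
			End If
		End If
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><%=SiteTitle%></title>
</head>

<body>
<%
		' The outcome message is written inside <body>; emitting markup ahead of
		' the DOCTYPE made the document invalid. Answer only ever holds one of the
		' fixed strings above; it is encoded anyway so that stays safe if a later
		' change puts user input into it.
		If blnSubmitted Then
%>
<h1><%=Server.HTMLEncode(Answer)%></h1>
<%
		End If
%>

<h1>Registration form for <%=SiteTitle%></h1>
Please fill out the following form:
<form method="post" action="">
	User: <input type="text" name="fUsername" /> <br />
    Password: <input type="password" name="fPassword" /><br />
    Password again: <input type="password" name="fPasswordAgain" /><br />
    Email: <input type="text" name="fEmail" /><br />
    Choose your expansion:
    <select name="fExpansion">
    	<option value="0">None</option>
        <option value="1">TBC</option>
        <option value="2">WoTLK</option>
    </select>
    <br />
    <% Call WriteFooter %>
    <input type="submit" value="Register!" />
</form>
</body>
</html>
<%
	End Sub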
	
	Sub WriteInstructions()
		' Writes the client set-up instructions (a realmlist line pointing at
		' LOGONSERVER) into the current page. LOGONSERVER is a settings constant
		' and is emitted without HTML encoding.
	%>
		Please alter your REALMLIST.WTF file so it looks like this:
		<h2>Realmlist config example:</h2>
		<pre>
			set realmlist <%=LOGONSERVER%>
		</pre>
		Then, fire up WoW, and start playing :).
	<%
	End Sub
	
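	Sub WriteFooter
		' Writes the shared footer: the navigation links for the three actions, a
		' third-party listing button and the "powered by" line.
		'
		' Markup fixes: the "&" in the listing URL is written as "&amp;" (required
		' inside an attribute under the XHTML doctype the pages declare) and the
		' missing space before the border attribute is restored.
		'
		' NOTE(review): the button image is fetched from an external host over
		' plain HTTP on every page view, which discloses each visitor to that host
		' and is blocked or flagged as mixed content if this site is served over
		' HTTPS. Hosting a local copy of the image avoids both.
	%>
	<hr />
	<a href="?action=home">Home</a>&nbsp;|&nbsp;<a href="?action=register">Register</a>&nbsp;|&nbsp;<a href="?action=accountmgmt">Account management</a>
	<hr />
<a href="http://www.wow-private-server.com/index.php?a=in&amp;u=robinbyte" title="WOW Private Servers"><img src="http://www.wow-private-server.com/images/button.gif" alt="WOW Private Servers" title="WOW Private Servers" border="0" /></a><br />
	<div align="right">
	<em>Powered by MangAM</em>
	</div>
	<%
	End Sub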
	
	Sub doHome()
		' Renders the landing page: welcome text, a link to the registration
		' action, the client instructions and the shared footer. No request data
		' is read here; the only dynamic value is the SITETITLE constant.
		%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><%=SiteTitle%></title>
</head>

<body>	
	<h1>Welcome to <%=SITETITLE%></h1>
	Welcome, please take a look at the <a href="?action=register">registration page</a> if you want to play.
	<h1>Instructions</h1>
	If you're looking for instructions, look no further:
	<%
		Call WriteInstructions
	%>
	<br />
	<%Call WriteFooter%>
</body>
</html>
		<%
	End Sub
	
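	Sub doAccountManagement()
		' Account management page. PerformLogin is the gate: it returns True only
		' for an authenticated session and otherwise renders the login form itself,
		' in which case nothing is written here.
		If PerformLogin Then
	%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><%=SiteTitle%></title>
</head>

<body>	
	<%
		' The username comes from the account table and was chosen freely at
		' registration (only its length is checked), so it is HTML-encoded before
		' it is written into the page. The & "" guards against a Null value.
	%>
	<h1>Account Management for <%=SITETITLE%> (<%=Server.HTMLEncode(Session("strUsername") & "")%>)</h1>
	Currently, there are no account management functions (yet).
	<h1>Instructions</h1>
	If you're looking for instructions, look no further:
	<%
		Call WriteInstructions
	%>
	<br />
	<%Call WriteFooter%>
</body>
</html>
<%
		End if
	End Sub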
	
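	Function PerformLogin
		' Authenticates the visitor and reports whether the session is logged in.
		'
		' When the login form was posted (fPass is non-empty) the credentials are
		' checked against the account table and, on a match, the session is marked
		' as logged in. Returns True when Session("blnLoggedIn") is set; otherwise
		' renders the login page and returns False.
		'
		' Session keys written on success: strUsername, intId, blnLoggedIn.
		Dim oConn, oRS, Answer
		Dim strUser, strPass

		' Explicit default; the function previously returned Empty on this path.
		PerformLogin = False

		strPass = Request.Form("fPass") & ""
		If strPass <> "" Then
			strUser = Request.Form("fUser") & ""

			Set oConn = Server.CreateObject("ADODB.CONNECTION")
			oConn.Open connstr

			' Only the two columns that are used are fetched, so the stored hash
			' never leaves the database. Both request values go through
			' MakeSQLSafe before being placed in the statement.
			' NOTE(review): the clear-text password is part of the statement text
			' and will appear in any server-side query log.
			Set oRS = oConn.Execute("SELECT id, username FROM account WHERE username='" & MakeSQLSafe(strUser) & "' AND sha_pass_hash=SHA1(CONCAT(UPPER('" & MakeSQLSafe(strUser) & "'),':',UPPER('" & MakeSQLSafe(strPass) & "')))")
			If oRS.EOF Then
				' One message for unknown user and wrong password alike.
				Answer = "Invalid user or password :("
			Else
				' .Value stores the field contents rather than relying on the
				' Field object's default property.
				Session("strUsername") = oRS.Fields("username").Value
				Session("intId") = oRS.Fields("id").Value
				Session("blnLoggedIn") = True
			End If

			' Release the recordset as well as the connection.
			oRS.Close
			oConn.Close
			Set oRS = Nothing
			Set oConn = Nothing
		End If

		' NOTE(review): a failed attempt does not clear an existing logged-in
		' session, and nothing here limits repeated attempts.
		If Session("blnLoggedIn") Then
			PerformLogin = True
		Else
	%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title><%=SiteTitle%></title>
</head>

<body>	
	<h1>
		<%=Answer%>
	</h1>
	<h1>Log in to <%=SITETITLE%></h1>
	<form method="post" action="">
		Username: <input type="text" name="fUser" /> <br />
		Password: <input type="password" name="fPass"> <br />
		<input type="submit" value="Log in">
	</form>
	<h1>Instructions</h1>
	If you're looking for instructions, look no further:
	<%
		Call WriteInstructions
	%>
	<br />
	<%Call WriteFooter%>
</body>
</html>
<%
		End If
	End Function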
%>